Controlling access to electronic documents

US 7,383,263 B2
Filed: 11/25/2003
Issued: 06/03/2008
Est. Priority Date: 11/29/2002
Status: Active Grant

First Claim

Patent Images

1. A computer system for protecting electronic documents, comprising:

a repository for storing an electronic document having a document attribute;

an access layer operable to control access to the electronic document, wherein the access layer is used by an accessor to access at least one portion of the electronic document, the accessor having an accessor attribute;

a rule set;

an expert system, wherein the expert system provides authorization information to the access layer in response to a request, and wherein the expert system is operable to determine the authorization information comprising an access behavior with regards to the at least one portion, and wherein the expert system determines access behavior by evaluating rules of the rule set with reference to at least the document attribute and the accessor attribute when the accessor tries to access the at least one portion using the access layer; and

a framework, the framework generating a runtime representation of the document that references the document and restricts the access of the accessor to the document in accordance with the access behavior.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, for protecting electronic documents. A computer system includes a repository for storing an electronic document that has a document attribute. An access layer is used by an accessor to access at least one portion of the electronic document. The accessor has an accessor attribute. An expert system is operable to determine an access behavior with regards to the at least one portion by evaluating rules of a rule set with reference at least to the document attribute and the accessor attribute when the accessor tries to access the at least one portion using the access layer.

Citations

30 Claims

1. A computer system for protecting electronic documents, comprising:
- a repository for storing an electronic document having a document attribute;
  
  an access layer operable to control access to the electronic document, wherein the access layer is used by an accessor to access at least one portion of the electronic document, the accessor having an accessor attribute;
  
  a rule set;
  
  an expert system, wherein the expert system provides authorization information to the access layer in response to a request, and wherein the expert system is operable to determine the authorization information comprising an access behavior with regards to the at least one portion, and wherein the expert system determines access behavior by evaluating rules of the rule set with reference to at least the document attribute and the accessor attribute when the accessor tries to access the at least one portion using the access layer; and
  
  a framework, the framework generating a runtime representation of the document that references the document and restricts the access of the accessor to the document in accordance with the access behavior.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer system of claim 1, where the rule set is stored in a knowledge base and the access behavior is defined in the knowledge base.
  - 3. The computer system of claim 1, where the expert system returns the access behavior to the access layer to control the access of the accessor.
  - 4. The computer system of claim 1, where the rule set has a rule that uses the accessor attribute and the document attribute to assert a condition on the basis of a value of the accessor attribute and a value of the document attribute.
  - 5. The computer system of claim 1, where the access layer utilizes a generic interface implemented by the document to access the document attribute from the document.
  - 6. The computer system of claim 5, where the expert system utilizes the generic interface implemented by the document to retrieve structure meta data of the document that describes the structure of the document.
  - 7. The computer system of claim 6, where the structure meta data indicates that the at least one portion is an inner subportion of an outer portion of the document and the access layer allows the accessor to access the inner subportion but prevents the accessor from accessing the outer portion.
  - 8. The computer system of claim 6, where the structure meta data has at least one structure element that is associated with a key that influences the access behavior for the at least one structure element.
  - 9. The computer system of claim 1, where at least one of:
    - the document attribute comprises at least one of document type, document structure information, document meta data, document relationship information, and document access behavior;
      
      the accessor attribute comprises at least one of user role, user group, process type, and application type;
      
      the access behavior comprises at least one of hidden, protected, read, modify, delete, create, print, copy, transport, archive, and custom access behavior; and
      
      the accessor comprises at least one of user, application, and process.
  - 10. The computer system of claim 1, where a change of the rule set affects substantially simultaneously the access behavior to the at least one portion without the need to change the document or the accessor.

11. A method for controlling access to electronic documents, comprising:
- receiving a request from an accessor to access at least one portion of an electronic document stored in a repository, with the electronic document having a document attribute and the accessor having an accessor attribute;
  
  requesting authorization information from an expert system with regards to the authorization of the accessor to the at least one portion in response to receiving the request;
  
  receiving from the expert system the authorization information including an access behavior with regards to the at least one portion, where the access behavior is determined by applying rules of a rule set to data comprising at least the document attribute and the accessor attribute;
  
  generating a runtime representation of the document that references the document and restricts the access of the accessor to the document in accordance with the access behavior; and
  
  granting the accessor access to the at least one portion according to the access behavior.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, where the access behavior is defined in a knowledge base and the rule set is stored in the knowledge base.
  - 13. The method of claim 11, where the rule set has a rule that uses the accessor attribute and the document attribute to assert a condition on the basis of a value of the accessor attribute and a value of the document attribute.
  - 14. The method of claim 11, further comprising:
    - receiving an event raised by the document or raised by the runtime representation, where the event is triggered by a change of the document;
      
      causing the expert system to determine an updated access behavior in accordance with the change; and
      
      notifying at least one of the document and the runtime representation about the updated access behavior.
  - 15. The method of claim 11, where the access behavior comprises at least one of hidden, protected, read, modify, delete, create, print, copy, transport, archive, and custom access behavior.
  - 16. The method of claim 11, further comprising:
    - changing the rule set and affecting substantially simultaneously the access behavior to the at least one portion without the need to change the document or the accessor.

17. A computer program product, tangibly embodied on a machine readable storage medium, comprising instructions operable to cause a data processing apparatus to:
- receive a request from an accessor to access at least one portion of an electronic document stored in a repository, with the electronic document having a document attribute and the accessor having an accessor attribute;
  
  request authorization information from an expert system with regards to the authorization of the accessor to the at least one portion in response to receiving the request;
  
  receive from the expert system the authorization information including an access behavior with regards to the at least one portion, where the access behavior is determined by applying rules of a rule set to data comprising at least the document attribute and the accessor attribute;
  
  generate a runtime representation of the document that references the document and restrict the access of the accessor to the document in accordance with the access behavior; and
  
  grant the accessor access to the at least one portion according to the access behavior.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The product of claim 17, where access to the at least one portion of the electronic document is provided only through an access layer comprising the instructions to receive a request, request authorization, receive from the expert system authorization information, and grant the accessor access.
  - 19. The product of claim 17, where the access behavior is defined in a knowledge base and the rule set is stored in the knowledge base.
  - 20. The product of claim 17, where the rule set has a rule that uses the accessor attribute and the document attribute to assert a condition on the basis of a value of the accessor attribute and a value of the document attribute.
  - 21. The product of claim 17, wherein the instructions are further operable to:
    - receive an event raised by the document or raised by the runtime representation, where the event is triggered by a change of the document;
      
      cause the expert system to determine an updated access behavior in accordance with the change; and
      
      notify at least one of the document and the runtime representation about the updated access behavior.
  - 22. The product of claim 17, where the access behavior comprises at least one of hidden, protected, read, modify, delete, create, print, copy, transport, archive, and custom access behavior.
  - 23. The product of claim 17, wherein the instructions are further operable to:
    - change the rule set and affecting substantially simultaneously the access behavior to the at least one portion without the need to change the document or the accessor.

24. A method for controlling access to electronic documents, the method comprising:
- receiving a request from an accessor to access at least one portion of an electronic document stored in a repository, with the electronic document having a document attribute and the accessor having an accessor attribute;
  
  requesting authorization information from an expert system with regards to the authorization of the accessor to the at least one portion in response to receiving the request;
  
  receiving from the expert system the authorization information including an access behavior with regards to the at least one portion, where the access behavior is determined by applying rules of a rule set to data comprising at least the document attribute and the accessor attribute;
  
  retrieving structure meta data of the document that describes the structure of the document, where the structure meta data indicates that the at least one portion is an inner sub portion of an outer portion of the document; and
  
  granting the accessor access to the at least one portion according to the access behavior, where granting the accessor access further comprises;
  
  allowing the accessor to access the inner sub portion; and
  
  preventing the accessor from accessing the outer portion.
- View Dependent Claims (25, 26)
- - 25. The method of claim 24, where the rule set has a rule that uses the accessor attribute and the document attribute to assert a condition on the basis of a value of the accessor attribute and a value of the document attribute.
  - 26. The method of claim 24, further comprising:
    - changing the rule set and affecting substantially simultaneously the access behavior to the at least one portion without the need to change the document or the accessor.

27. A computer program product, tangibly embodied on a machine readable medium, comprising instructions operable to cause a data processing apparatus to:
- receive a request from an accessor to access at least one portion of an electronic document stored in a repository, with the electronic document having a document attribute and the accessor having an accessor attribute;
  
  request authorization information from an expert system with regards to the authorization of the accessor to the at least one portion in response to receiving the request;
  
  receive from the expert system the authorization information including an access behavior with regards to the at least one portion, where the access behavior is determined by applying rules of a rule set to data comprising at least the document attribute and the accessor attribute;
  
  retrieve structure meta data of the document that describes the structure of the document, where the structure meta data indicates that the at least one portion is an inner sub portion of an outer portion of the document; and
  
  grant the accessor access to the at least one portion according to the access behavior, where granting the accessor access further comprises;
  
  allowing the accessor to access the inner sub portion; and
  
  preventing the accessor from accessing the outer portion.
- View Dependent Claims (28, 29, 30)
- - 28. The product of claim 27, where access to the at least one portion of the electronic document is provided only through an access layer comprising the instructions to receive a request, request authorization, receive from the expert system authorization information, and grant the accessor access.
  - 29. The product of claim 27, wherein the instructions are further operable to:
    - receive an event raised by the document or raised by the runtime representation, where the event is triggered by a change of the document;
      
      cause the expert system to determine an updated access behavior in accordance with the change; and
      
      notify at least one of the document and the runtime representation about the updated access behavior.
  - 30. The product of claim 27, wherein the instructions are further operable to:
    - change the rule set and affecting substantially simultaneously the access behavior to the at least one portion without the need to change the document or the accessor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Goger, Karl
Primary Examiner(s)
Hosain; Alam
Assistant Examiner(s)
Ahluwalia; Navneet K

Application Number

US10/722,373
Publication Number

US 20040133849A1
Time in Patent Office

1,652 Days
Field of Search

707 1- 10, 707100-1041, 707200-205
US Class Current

715/741
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Controlling access to electronic documents

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to electronic documents

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links